Apache Wicket is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is caused by an error in the evaluation of the fetch metadata headers within FetchMetadataResourceIsolationPolicy.java. This allows an attacker to bypass the Cross-Site Request Forgery (CSRF) protection mechanism.
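
To show what evaluating fetch metadata headers involves, here is an added example (not Wicket's code, and not a reproduction of the specific error, which this page does not detail) of a fail-closed resource isolation check over the `Sec-Fetch-Site`, `Sec-Fetch-Mode` and `Sec-Fetch-Dest` request headers. The class name, helper names and sample requests are assumptions constructed for illustration, and header names are assumed to be lower-cased by the caller.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added illustration of a fetch metadata isolation check; hypothetical class, not Wicket's implementation.
public class FetchMetadataCheck {
    private static final Set<String> TRUSTED_SITES = Set.of("same-origin", "same-site", "none");
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD");
    private static final Set<String> EMBED_DESTS = Set.of("object", "embed");

    // Returns the single normalized value of a header, null if absent; throws if it is repeated.
    static String single(Map<String, List<String>> headers, String name) {
        List<String> values = headers.get(name);
        if (values == null || values.isEmpty()) return null;
        if (values.size() > 1) throw new IllegalArgumentException("repeated header: " + name);
        return values.get(0).trim().toLowerCase(Locale.ROOT);
    }

    // true = let the request through, false = reject it as an untrusted cross-site request.
    static boolean isAllowed(String method, Map<String, List<String>> headers) {
        String site, mode, dest;
        try {
            site = single(headers, "sec-fetch-site");
            mode = single(headers, "sec-fetch-mode");
            dest = single(headers, "sec-fetch-dest");
        } catch (IllegalArgumentException ambiguous) {
            return false; // ambiguous metadata: fail closed
        }
        if (site == null) return true; // client sends no fetch metadata; other CSRF defences must cover it
        if (TRUSTED_SITES.contains(site)) return true;
        // cross-site or unrecognized value: allow only simple top-level navigations
        return "navigate".equals(mode) && SAFE_METHODS.contains(method.toUpperCase(Locale.ROOT))
                && dest != null && !EMBED_DESTS.contains(dest);
    }

    public static void main(String[] args) {
        // Constructed sample requests, not captured traffic.
        Map<String, List<String>> crossSiteNav = Map.of("sec-fetch-site", List.of("cross-site"),
                "sec-fetch-mode", List.of("navigate"), "sec-fetch-dest", List.of("document"));
        Map<String, List<String>> sameOrigin = Map.of("sec-fetch-site", List.of("Same-Origin"));
        Map<String, List<String>> repeated = Map.of("sec-fetch-site", List.of("same-origin", "cross-site"));
        System.out.println("cross-site GET navigation allowed: " + isAllowed("GET", crossSiteNav));
        System.out.println("cross-site POST navigation allowed: " + isAllowed("POST", crossSiteNav));
        System.out.println("same-origin POST allowed: " + isAllowed("POST", sameOrigin));
        System.out.println("repeated Sec-Fetch-Site allowed: " + isAllowed("POST", repeated));
    }
}
```
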
Name | Operator | Version
---|---|---
wicket core | le | 9.16.0
wicket core | le | 10.0.0-M2